A $250 Entirely Automated Bug Bounty
TL;DR: In my experience, the easiest bounties are fuzzing/leaked file ones, and all it takes is a few clicks of an automated tool to make some quick $$$.
Frankly, bug hunting for beginners is hard. Really, really hard. It’ll take a while to actually start finding decent vulnerabilities, and even then providing an exploitable scenario in writing can be challenging. Fortunately, on lesser-known bug bounty sites like the ones detailed in this article, it becomes much easier to find smaller and more attainable rewards.
On the off chance that you’re a seasoned bug hunter and clicked on this article anyway, here’s a guide on finding high-ranking P1 bounties →
If you’re already pretty decent at finding bounties or if you’re trying to find a place to start looking at simpler types of bounties, this post will be a great read for you.
I’ve gotta say, all it took were a few scans in the right places, and knowing what to look for. Bug hunting doesn’t have to be this insanely complex task that takes months to finally have an impact. Sometimes, just a few hours and the right type of analysis do the trick.
I started out with ffuf, a fairly simple fuzzing tool that’s open source and very popular for this type of bounty hunting →
All it takes is compiling a list of subdomains for a website using tools like gau and scanning them with ffuf to try and find any juicy filetypes or contents. I’ve essentially streamlined this and automated it with a few different tools in my automation script here →
Those methods work the best for my style of bug hunting. If you’re really unfamiliar with the code in that tool, or if you really can’t grasp the cybersecurity concepts well enough to understand real-world scenarios, I suggest taking a look at some CTFs like picoCTF and learning platforms like HackTheBox.
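For anyone on the receiving end of the gau-plus-ffuf workflow described above, this added example (not part of the original post or the author's automation script) shows what that kind of scan looks like in a web server access log: one client producing many distinct 404s, plus any sensitive file it did manage to fetch. The log lines, the extension list and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed list of extensions a defender treats as sensitive; the article names none.
SENSITIVE_EXT = (".bak", ".sql", ".env", ".zip", ".old")

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

# Constructed sample access log (common log format), not real traffic.
SAMPLE_LOG = """\
198.51.100.20 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /admin.bak HTTP/1.1" 404 153
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /config.old HTTP/1.1" 404 153
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /db.sql HTTP/1.1" 404 153
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /backup.sql?x=1 HTTP/1.1" 200 884213
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /.env HTTP/1.1" 404 153
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /site.zip HTTP/1.1" 404 153
198.51.100.20 - - [01/Jan/2024:10:00:03 +0000] "GET /favicon.ico HTTP/1.1" 404 153
203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /old/ HTTP/1.1" 404 153
"""


def find_scanners(log_text, min_404=5):
    """Return {ip: {"not_found": n, "exposed": [paths]}} for clients that
    look like content-discovery scanners (many distinct 404 paths)."""
    misses = defaultdict(set)     # ip -> distinct paths answered 404
    hits = defaultdict(list)      # ip -> sensitive paths answered 200
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # skip malformed lines instead of failing
        ip, target, status = m.groups()
        path = target.split("?", 1)[0].lower()   # drop query string
        if status == "404":
            misses[ip].add(path)
        elif status == "200" and path.endswith(SENSITIVE_EXT):
            hits[ip].append(path)
    return {ip: {"not_found": len(paths), "exposed": hits[ip]}
            for ip, paths in misses.items() if len(paths) >= min_404}


if __name__ == "__main__":
    for ip, info in find_scanners(SAMPLE_LOG).items():
        print(ip, info)
```

Any path listed under `exposed` is a file the scanning client actually retrieved, so it is the first thing to remove from the web root and review.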
Thanks for reading about my experience with fuzzing bounties.